I. INTRODUCTION


This thesis is a continuation of the thesis "The
Preliminary Personnel Data Base Design for the Indonesian
Navy", by Hoedjiono at the Naval Postgraduate School,
Monterey, California, June 1982.

Since 1977, the Indonesian Navy Data Center
(DISPOL AHTAL) has collected and processed personnel data to
support the leadership in the Navy in their decision making.
In 1980 work began on the design of a personnel database
system. Computerization of personnel data took place only
within the Department of Personnel and was limited to
administrative purposes. However, other departments in the Navy,
such as Intelligence, Operations, Logistics, and Planning,
had to work with an increasing and more complex amount of
data. With every department maintaining its own personnel
data there were discrepancies. Information was often
incomplete or not uniformly updated, since not all departments
received data changes. The increasing availability of data,
and the importance of timely decision-making emphasized the
need to establish a computer system which could accommodate
these needs.

Since information is a recognized source of economic
value, the data which comprise the information should be
secured adequately. E. B. Fernandez [Ref. 5] defines
information as:

a critical resource in today's enterprises, whether they
are industrial, commercial, educational, or civic.

Information has been widely recognized as a resource of
economic value to an enterprise.


This  thesis  proposes  to  continue  the  design  work  of  a 
personnel  database  system  begun  in  1983. 

As the use of computers increases, the number of people
who might have access to confidential information also
increases, emphasizing the importance of access security.
In the military, a leakage of information could endanger
national security. Data on secret weapons, numbers and
distribution of personnel, emergency procedures, and
personnel background are important to the enemy.

Internally, misuse of data may result in corruption of
totals of data in compiling salary lists or theft of secret
information for use by the enemy. The absence of any type
of data protection may lead to unintentional errors by an
operator resulting in the destruction or damage of data.
Natural disasters also may destroy information or data.
Damaged information may lead to inaccurate decisions, which
may jeopardize national security.

To  prevent  the  above  mentioned  problems,  it  is  essential 
to  provide  protective  mechanisms  to  database  systems.  In 
other  words,  there  is  a  need  for  database  security. 

In view of the developments of the personnel database in the
Indonesian Navy and the absence of protective mechanisms,
this thesis proposes a concept to provide security for data
that will be the basis for decisions made by the leadership
of the Navy.

There are many varieties of database types, but this
thesis will be limited to the security of personnel
database. The six sections of this thesis are:

I. Introduction.

II. The current proposed personnel database systems

III. The needs for security protection.

IV. The Multics concepts.

V. Implementation of Multics in database security.

VI. Conclusions and Recommendations.

This  personnel  database  security  conce 
contribution  to  the  security  of  computerized 
in  the  Indonesian  Navy. 


II. THE CURRENT PROPOSED PERSONNEL DATABASE SYSTEM


The present Database systems [Ref. 3] have the following
objectives:

- Reducing redundancy

- Sharing of data

- Avoiding inconsistency

- Enforcing standards

- Maintaining integrity, and

- Balancing of conflicting requirements.

This database contains 97 data elements divided into two
[Ref. 10] basic groups:

1. Static data elements.

2. Dynamic data elements.


A.  STATIC  DATA  ELEMENTS 

Static  data  elements  consist  of  data  that  will  not 
change  frequently. 

For  example: 

Main Identification constitutes a group by itself
containing the elements numbered 131 to 108. Data elements
rarely retrieved by application programs are entered into
Personnel Characteristic (element # 230) which in turn is
divided into the following four sub-groups:

1. Marriage subgroup (element # 300) containing elements
numbered 301 and 302.

2. Address subgroup (element # 400) containing elements
numbered 401 to 403.

3. Body characteristic subgroup (element
containing elements numbered 501 to 511.

4. Category and Status subgroup (element # 600)
containing elements numbered 501 to 607.

B. DYNAMIC DATA ELEMENTS

Dynamic data elements are those which are frequently
changed. They are divided into several subgroups
corresponding to their historical data. These groups include:

1. Rank group (element # 700) containing elements
numbered 701 to 707.

2. Profession group (element # 300) containing elements
numbered 801 to 810.

3. Education group (element # 300) containing elements
numbered 901 to 909.

4. Education group (element # 1100) containing elements
numbered 1101 to 1106. This group is divided into two
subgroups:

a. Activity and profession subgroup (element # 1200)
containing elements numbered 1201 to 1204.

b. Family education subgroup (element # 1300)
containing elements numbered 1301 to 1303.

5. Payroll group (element # 1400) containing elements
numbered 1401 to 1414.

6. Security group (element # 1500) containing elements
numbered 1501 to 1506. This group is divided into the
following two (2) subgroups:

a. Who involved subgroup (element # 1500) containing
elements numbered 1601 to 1603.

b. Measures subgroup (element # 1700) containing
elements numbered 1701 to 1703.

(For  complete  overview  of  element  numbering  see  Appendix  A.) 


III. THE NEED FOR SECURITY PROTECTION


A. GENERAL APPROACH

The use of automated data processing equipment has
become widespread because it permits the handling and
storage of vast amounts of information at an affordable
cost.

The military benefits from the use of computers include
speed and accuracy of data collection which results in
timely and improved decisions. Besides these advantages, a new
hard-to-solve problem emerges, that of information security.

The basic problem is illustrated in Figure 3.1. Users and
data at various security levels desire simultaneous access
to the machine's resources.

Data with all security levels are stored on the system.
Users with proper security credentials are granted data
accesses. Navy security policy requires that an individual
must possess the required non-discretionary (1) and
discretionary (2) privileges before being granted access to the
information.

In fact, application of computers in Indonesia is new,
so careful considerations should accompany the design and
implementation of the basic concepts of database security.


(1) Non-discretionary security requires that the individual
has a security clearance of higher or equal level than the
level of the information requested.


(2) Discretionary security requires that the individual
possesses a proper need-to-know for requested information.


[Figure: STORAGE FACILITY: MULTI LEVEL]

Frequent foul play often takes place because of the lack
of protection when using computer systems, as well as
protection of the database systems.

In the military, particularly, information is very
important. Leakage or corruption of military information
could endanger national security. Information about secret
weapons, numbers and distribution of personnel, emergency
procedures, and personnel background data are all very
important to the enemy. On the other hand, for authorized
users updated data is very important since an error in the
data may produce faulty decisions.

B.  DEFINITIONS 

Many definitions are used in database security. The
most widely used definitions according to Fernandez E.B.
(1981) [Ref. 5] are:

"Information security is the protection of information
against unauthorized disclosure, alteration, or
destruction."


"Database security is the protection of information
that is maintained in a database."


C. SECURITY THREATS

A database security violation may take form as
unauthorized reading, modification, or destruction of information
stored in the database. Possible threats to the security of
a computer system may be broadly classified as either
malicious or accidental acts.

From: Database Security & Integrity, by E.B. Fernandez

Figure 3.2 Security Threats.

In Figure 3.2, we see the possibility of malicious
conduct by exploiting loopholes in the system. There are
also threats resulting from human errors, such as
accidentally destroying information, or allowing it to be seen by
unauthorized people. In addition, natural disasters may
destroy or prevent access to information. These threats are
classified as nonmalicious threats.


D. SECURITY PROCEDURES AND MECHANISMS

Security threats arise from a wide variety of sources,
therefore procedures and mechanisms necessary to provide a
secure environment must cover many areas of the enterprise.

External procedures must be set up so that security
mechanisms implemented within the system can be effective.
We must select personnel who have access to highly
classified information through security clearance procedures.

Storage devices and other hardware must be physically
protected against any damage from natural disasters or
malicious attack. Protection of removable storage against theft
is also necessary. We also need backup systems for copying
data files at different locations to protect against
information loss.

Information may be stolen or tapped during
transmissions, and encryption is one way to protect this data.

In summary, the security of a database depends on a
complex set of protective measures: human, software, and
hardware [Ref. 14].

E.  SECURITY  POLICIES 

An access-control (3) system determines the way a subject (4)
may access (5) data or objects. (6)


(3) Access-control. A strategy for protecting objects from
unauthorized access.

(4) Subject. An active user of a computer system together
with any other entity acting on behalf of a user or on
behalf of the system; for example, processes, jobs, and
procedures may be considered subjects. Certain subjects may
also be considered to be objects of the system.

(5) Access. The ability and the means necessary to store or
retrieve data, to communicate with, or otherwise make use of
any resource in a computer system.

(6) Object. In a formal security model, an identifiable
resource, data container or related entity of the system;
the counterpart of subject. Software-created entities such
as files, programs and directories are objects, as well as
hardware resources such as memory blocks, disk tracks,
terminals, and tapes.


Figure 3.3 Access-type-dependent Access Control.


Figure 3.3 shows a situation where not everybody can
see the whole file. Users are given access to the file
according to their position.
n one of several forms:
read 
write 
append 
delete,  and 
execute 

access  is  often  used  but  omitted  from  this 
e  fact  that  execute  access  in  the  proposed 
tecture  is  similar  to  a  read  access, 
fied  to  access  specific  data,  a  user  must 
ilitary  security  contentions  of  classifica- 
and  need-to-know. 


[Figure: labels SECRET, ARMY]

compartmentalization and levels, a good policy for control
information flow can be created.


F. MULTILEVEL MODEL

This model introduces the concept of levels and
categories. Each subject is assigned a clearance level, and each
object is assigned a classification level. Every person in
the military has different security levels that permit how
far (s)he may access the file and how much (s)he can see the
file. Therefore a security level is a composite of: { A, B },
where A is the classification level and B is the set of
categories.

One security level is said to dominate another if and
only if:

1. its classification or clearance level > the
other, and

2. its category set contains the other.

Clearance and classification levels are ordered as
follows:

top secret > secret
secret > confidential
confidential > unclassified

Security levels are only partially ordered, however, so that
some subjects and objects are not comparable. In Figure 3.5,
L2 is dominated by L1, since its level of classification
and its set of categories is higher. On the other hand,
security levels of L1 and L3 are not comparable. The
elements of the above model are summarized in Figure 3.6.

Figure 3.5 Ordering of Security Level.


Access to an object can be through either observing
(READ) the object or altering (APPEND) the object, and from
this combination we can determine the access type:

* not both

* READ

* APPEND

* WRITE

The  multilevel  model  considers  the  states  of  a  secure 
system,  which  are  described  by: 

1. the current access set, which is a set of triples
(subject, object, access type) or (s,o,t).

2. an access matrix.

3. the security level of each subject, and

4. the maximum and current security levels of each
subject.


Element               Interpretation

Subject s             Process
Object o              Data, files, ...
Classifications       Clearance level of subject, classification
                      level of object
Categories            Access privileges
Security level        (Classification, category set)
Access attribute t    No observe, no alter; observe only;
                      observe and alter; alter only
Access matrix         Discretionary security
Request               Changes current access or other aspects of
                      system state
(s, o, t)             Current access
Decision              Yes, no, error, or ?
Rules                 Determine decision, next state

From: Database Security & Integrity, E.B. Fernandez

Figure 3.6 Elements of the Multilevel Model.


1. Requirements to Read Data from a Data Set

A user may read a set of data if, and only if his
clearance dominates the classification of a data set. The
clearance of user (U) dominates a set of data (D) if, and
only if,

military classification (U) > military classification (D)
category (U) ⊇ category (D)
U need-to-know (read D)


2. Requirement to Write Data into a Data Set

A user may not write data into a set of data if the
classification of the data he is writing dominates the
classification of the data into which he is writing. That is,
if the user wishes to write data (d) into data set (D), it
is required that

military classification (d) < military classification (D)
category (d) ⊆ category (D)
U need-to-know (write D)
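
The read and write requirements above, worked as an added example (not code from the thesis). The user names, category names and data set are constructed, and the level comparison is taken as "higher or equal", as in the footnote on non-discretionary security; that reading is an assumption.

```python
from dataclasses import dataclass, field

# Classification and clearance levels, ordered as in the text:
# top secret > secret > confidential > unclassified.
RANK = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class SecurityLevel:
    """A security level {A, B}: classification level A and category set B."""
    classification: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        # Assumption: non-strict comparison ("higher or equal").
        return (RANK[self.classification] >= RANK[other.classification]
                and self.categories >= other.categories)  # superset test


def comparable(a, b):
    """Levels are only partially ordered: some pairs dominate in neither direction."""
    return a.dominates(b) or b.dominates(a)


@dataclass
class User:
    name: str
    clearance: SecurityLevel


@dataclass
class DataSet:
    name: str
    level: SecurityLevel
    # Discretionary part: user name -> access types granted on need-to-know.
    need_to_know: dict = field(default_factory=dict)


class ReferenceMonitor:
    def __init__(self):
        self.current_access = set()  # triples (subject, object, access type)

    def request(self, user, access, target, written=None):
        """Decide "yes" or "no" and record granted requests in the current access set."""
        granted = access in target.need_to_know.get(user.name, set())
        if access == "read":
            # Non-discretionary part: the user's clearance must dominate D.
            granted = granted and user.clearance.dominates(target.level)
        elif access == "write":
            # `written` is the level of the data d; D must dominate d.
            granted = (granted and written is not None
                       and target.level.dominates(written))
        else:
            granted = False
        if granted:
            self.current_access.add((user.name, target.name, access))
        return "yes" if granted else "no"


def demo():
    """Constructed scenario: one data set and three hypothetical users."""
    personnel = frozenset({"PERSONNEL"})
    payroll = DataSet("payroll", SecurityLevel("secret", personnel),
                      {"clerk": {"read", "write"}, "planner": {"read"}})
    clerk = User("clerk", SecurityLevel("secret", personnel))
    planner = User("planner", SecurityLevel("confidential", personnel))
    auditor = User("auditor", SecurityLevel("top secret", personnel))
    rm = ReferenceMonitor()
    decisions = {
        "clerk reads": rm.request(clerk, "read", payroll),
        # Need-to-know alone is not enough: the clearance is too low.
        "planner reads": rm.request(planner, "read", payroll),
        # Clearance alone is not enough: no need-to-know entry.
        "auditor reads": rm.request(auditor, "read", payroll),
        "clerk writes confidential": rm.request(
            clerk, "write", payroll, SecurityLevel("confidential", personnel)),
        # Higher-classified data may not be written into a lower data set.
        "clerk writes top secret": rm.request(
            clerk, "write", payroll, SecurityLevel("top secret", personnel)),
    }
    return rm, decisions


if __name__ == "__main__":
    monitor, decisions = demo()
    for request, decision in decisions.items():
        print(f"{request}: {decision}")
    print(sorted(monitor.current_access))
```
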


IV. THE MULTICS CONCEPTS
A. GENERAL CONCEPT

The Multiplexed Information and Computing System
[Ref. 1] (MULTICS) employs the concept of rings of
protection, based on:

1. Need to know, and

2. Firewall, to minimize damage due to errors.

Basically protection of data or objects in Multics is
achieved by compartmentalizing all of the stored information
into discrete packages called segments, where each is
associated with a set of access attributes.

This chapter will discuss the concepts of access
control, protection, and filing concepts in Multics, since
these filing concepts will be a basis for the implementation
of the existing personnel database in the following chapter.

B.  ACCESS  CONTROL  AND  PROTECTION 

In Multics, compartmentalization [Ref. 11] is achieved
through two primary mechanisms:

1. Per-Segment Access Control

2. Concentric Rings of Protection

These mechanisms complement one another.

1. Per-segment Access Control

Per-Segment Access control is a means of denoting
and controlling the type of access to a particular shared
segment given to an individual user. A segment may be
shared by two or more processes. The subject who creates the
segment and grants permission to share to a user, may
specify the type of access to be given to each grantee. By
this privilege, Multics guarantees that a user can safeguard
the information he creates and files away for future use.
Multics permits the coexistence of many processes, each of
which competes for the system's physical resources and
employs the same file system hierarchy.

The hierarchical directory structure in Multics
which controls the file system looks like an ordinary file. It
includes authors, users listing and access type permitted to
each user which is granted individually. Each author listed
in the directory is associated with a file in the access
control list (ACL).

2. Concentric Rings of Protection

The ring mechanism, by contrast, offers intraprocess
protection of a segment. The concentric-rings concept is
essentially a generalization of S (supervisor) and U (user)
domains. The segments of any process are associated with a
set of generally two or possibly more concentric rings.

A ring procedure prevents any user from referring to
inner ring data segments which have higher level
classification. A user is permitted to access more privileged
procedures only through specially controlled entry points called
"gates".

By subsetting the segments of a process into rings
and by effectively controlling interactions and
communication between segments of different rings (supervisory or
userlike), Multics has the potential to isolate trouble and
limit the damage in the system. When an outside ring is
damaged, this will not affect the inner ring, but damage to
the inner ring will cause damage to the outside ring as
well.

Ring brackets are associated with
segments as shown in Figure 4.1.

Figure 4.1 Segment Privileges.

Read and Write privileges are always associated with a ring
bracket starting at ring 0. In Figure 4.1 for example, the
read bracket is defined as ring 0 to ring 4, which means
that if a process is currently being executed in ring
0, 1, 2, 3 or 4, then it may read the segment.

The  Call  bracket  is  defined  as  ring  5  and  6,  which 
means  that  only  when  a  process  is  executing  in  ring  5  or  6 
can  it  call  this  segment  when  the  segment  is  being  executed, 
as  the  process  is  in  ring  3. 


In Multics, all storage is organized as named
segments, and the segment is the unit of protection. A
segment can contain either data or procedures.

A Multics process is usually associated with an end
user who is identified by a unique number. In the database
context an end user invokes a database application program
by combining a number of procedures. Eventually one of these
procedures will call a DBMS procedure, which in turn may
call other DBMS or operating-system procedures. The user can
build protected subsystems by grouping procedures into
segments that can then be protected from one another.

Associated with each process is a descriptor
segment, which is a vector of segment descriptor words
(SDWs) providing addressability to all the segments
accessible to the process. A directory system is used to locate a
segment when it is first referenced by a process. The
directory entry for a segment contains an access-control list
specifying which users can access the segment and what their
rights are. If the requested access is authorized, the
segment is added to the user's virtual memory by adding the
appropriate SDW to the user's descriptor segment.

Initially all information is stored in the
access-control list. However, when the segment is first referenced,
the information is copied into the SDW for the segment. For
every subsequent access by the process the SDW alone is
checked by hardware to determine whether an access is
authorized.


C. MULTICS FILE SYSTEM

The Multics filing system consists of two modules:
Segment Control and Directory Control. Here, file and
segment are entirely synonymous, since the concept of
segment is merely an extension of the concept of file.

The Segment Control Module (SCM) interprets the intent
of the user's symbolic references to segments. It determines
to which, if any, of the segments already known to the
process a given symbolic name refers. If none, the Segment
Control Module must then determine if a new segment is to be
created and placed in the hierarchy.

When using the SCM, a Known Segment Table (KST) is
needed to store segments currently part of the process. SCM
maintains control over these reference-name-segment-number
pairs in a given process. Its job is to develop and reuse
each name-number pair in its proper context.

The Directory Control Module (DIM) is used to search all
inquiries about the status or location of segments and/or
their descriptions, because only this module is permitted to
read and alter the contents of the directory segments.


1.  Directory  Structure 

This filing system has a directory structure that
contains two types of entries which may be added to it:

1. branches and

2. links.

A branch is a detailed description of a segment
located in the secondary storage of records that comprise
the segment. A link is a special kind of named entry whose
purpose is to point to another entry, normally in some (any)
other directory. This allows a useful form of
cross-referencing capability, to be superimposed over the basic
tree structure formed by the branch-type entries. Figure
4.2 shows an example of the conceptual model of the
file-system tree structure.


Figure 4.2 Conceptual Model of the File-system Tree Structure


To reach a certain branch, a certain path is needed
using path_name and relative_path_name. A path_name is a
list of the node names from the root to the branch (or link)
inclusive, where elements of the list are separated by the
">" character. For example, to search for "sub" the
following path name is used:

"> user_dir_dir > project1 > usera1_directory > sub",

and to search for "sort" the path name used is:

"> user_dir_dir > project1 > usera1_directory > sort"

[Annotation under the path name: directory path name; name;
path name for the branch (or link)]

In other words, the Multics link is considered a shorthand
for symbolic pathname, therefore, it introduces no
additional structure.

Figure 4.3 shows that from directory A, the symbolic
name "E" is shorthand for "> B > E". Any path name may
begin with ">"; if a path name begins with other than
">", the given path is referred to as a relative path name.

At all times, an executing process is associated
with a working directory. This is a directory the process
happens to be currently "using". It is merely a reference
marker to a point in the hierarchy from which it becomes
convenient to describe a relative path to other segments.


Figure 4.3 Interpretation of Links.

Thus, a tree path to a particular node may be described
relative to the working directory of a process. For example,
referring to Figure 4.2 the path name for sort is simply
"sort", and the path name for delete is "a1_library > delete".


It is also possible to use the relative path-name
convention when referring to a branch that is not a
descendant of the working directory. This is done with the aid of
the character "<". It is interpreted as parent of the
working directory. And "<<" would mean parent of parent of
the working directory, and so on. For example, relative
path name for <usera3_directory> is "<< project2 >
usera3_directory" or "user_dir_dir > project2 >
usera3_directory"


An element (Si, Oj, x) in b indicates that subject
Si has current access to object Oj in access mode x.

In SDW is a field which indicates access permission
(write, read, execute, or append).

An entry in M such as { r,w } indicates that subject
Si has read and write permission with respect to object Oj,
if Oj is a data segment.

An example of the data structure of an
access-control list for an individual branch is shown in Figure 4.4

[Figure labels: BRANCH, DIRECTORY SEGMENT, DATA SEGMENT]

Figure 4.5 Multics Hierarchy Equivalent.


3. Retrieving File-branch Information

The hierarchy H of the model is structured to
reflect the tree structure among segments realized by
branches in Multics. If Oi and Oj are objects in the model
and H (Oi) includes Oj, then Oi is the parent of Oj. Figure
4.5 shows this situation.


Figure 4.6 Chain of Links.


When directory control is supplied a path name for
the purpose of retrieving corresponding file-branch
information, the desired directory entry is retrieved by link or
branch. If it is a branch, the target has been reached, and
if it is a link the path name found in a link is then
employed for a repetition of the retrieval process. It is
possible that a chain of links eventually leads to a branch.

Figure 4.6 shows how user4 grants permission to
user3, and user3 grants permission to user2 to use their
routines. If user2 and user3 appear in the access control
list for <b> in user4's user directory, then user2 may use
"d" as a symbolic reference and user3 may use "c" as a
symbolic reference to the segment whose branch entry is
named "b".
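
The path-name and link retrieval described in this section, as an added example rather than Multics code. The directory tree mirrors the chain of links of Figure 4.6, but its path names and access modes are constructed; the link limit, the handling of spaces, and checking only the ACL of the final branch are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_LINKS = 8  # assumed limit so a cycle of links is reported, not followed forever


@dataclass
class Branch:
    """Directory entry describing a segment; it carries the access-control list."""
    acl: dict = field(default_factory=dict)  # user -> set of access modes
    entries: Optional[dict] = None           # dict for a directory, None for data


@dataclass
class Link:
    """Named entry whose only purpose is to point at another entry by path name."""
    target: str


def split_path(path, working_dir=()):
    """Return the node names from the root for an absolute or relative path name."""
    path = path.replace(" ", "")             # spaces around ">" are ignored here
    if path.startswith(">"):                 # absolute: starts at the root
        base = []
    else:                                    # relative: starts at the working directory
        base = list(working_dir)
        while path.startswith("<"):          # each "<" climbs to the parent
            if not base:
                raise LookupError("no parent above the root")
            base.pop()
            path = path[1:]
    return base + [name for name in path.split(">") if name]


def resolve(root, path, working_dir=()):
    """Follow a path name to a branch, repeating the retrieval whenever a link is met."""
    names = split_path(path, working_dir)
    node, i, hops = root, 0, 0
    while i < len(names):
        if node.entries is None:
            raise LookupError(">" + ">".join(names[:i]) + " is not a directory")
        entry = node.entries.get(names[i])
        if entry is None:
            raise LookupError("no entry named " + names[i])
        if isinstance(entry, Link):
            hops += 1
            if hops > MAX_LINKS:
                raise LookupError("too many links")
            # Substitute the path name stored in the link (relative targets are
            # taken relative to the directory holding the link) and start again.
            names = split_path(entry.target, names[:i]) + names[i + 1:]
            node, i = root, 0
            continue
        node, i = entry, i + 1
    return node, ">" + ">".join(names)


def check_access(root, user, mode, path, working_dir=()):
    """Grant only if the ACL on the branch finally reached lists the mode for the user."""
    try:
        branch, resolved = resolve(root, path, working_dir)
    except LookupError:
        return False, None
    return mode in branch.acl.get(user, set()), resolved


def build_sample():
    """Constructed tree: user2's "d" links to user3's "c", which links to user4's "b"."""
    seg_b = Branch(acl={"user4": {"r", "w", "e"}, "user3": {"e"}, "user2": {"e"}})
    udd = Branch(entries={
        "user4": Branch(entries={"b": seg_b}),
        "user3": Branch(entries={"c": Link(">user_dir_dir>user4>b")}),
        "user2": Branch(entries={"d": Link("<user3>c"),    # relative link target
                                 "loop": Link("loop")}),   # link that points at itself
    })
    return Branch(entries={"user_dir_dir": udd})


if __name__ == "__main__":
    root = build_sample()
    wd = ("user_dir_dir", "user2")
    for user, mode, path in [("user2", "e", "d"), ("user2", "w", "d"),
                             ("user5", "r", ">user_dir_dir>user4>b"),
                             ("user2", "e", "loop")]:
        print(user, mode, path, check_access(root, user, mode, path, wd))
```
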
V. IMPLEMENTATION OF MULTICS IN DATABASE SECURITY


The basic security model including data security in
Multics has been discussed in the previous chapter. Before
we further discuss the implementation of database security
we make the following assumptions. First,
although the Multics system was developed and applied to
operating systems for Honeywell computers, we will assume
that it can also be used by other computers in general.

Secondly, we assume that users in the Indonesian Navy
database system are limited to five assistants for Chief of
Staff of the Indonesian Navy, namely:

1.  Assistant  for  Security 

2.  Assistant  for  Operations 

3.  Assistant  for  Personnel 

4.  Assistant  for  Logistics 

5.  Assistant  for  Planning 

The  second  assumption  is  needed  because  there  are  some 
offices  supervised  by  the  Assistants  which  currently  deal 
with  the  personnel  database  system. 

The  description  of  a  directory  has  been  discussed  in 
Chapter  IV,  therefore  we  will  not  discuss  how  to  find  a 
segment  in  this  chapter. 

The  personnel  database  in  the  Indonesian  Navy  is  divided 
into  17  segments.  The  method  proposed  here  adds  2  segments 
which  are: 

Segment 400, which is followed by elements number
401-403, is divided into two, namely segment 400 which is
followed by elements number 401 and segment 500 which is
followed by elements number 501. This change is needed since
the elements' owners are different.


For the same reason, segment 500 which is followed by
elements 501-502, is divided into two segments, namely
segment 600 followed by elements number 601-607 and segment
700 followed by elements number 701-705.

All changes are shown in the table in Appendix C.
We can summarize to this point that the personnel
database is now divided into 19 segments and there are 5 users,
which follow the sequence of assistant staffs. It has been
determined who owns each segment, and each owner has the
authority to update the contents of his segment(s).

To implement the new security method mentioned above, it
is necessary to set up a table containing all segments and
their relation to each user. The table tells what segment
belongs to whom and what kind of accesses are authorized to
other users. In this case the DBA (Database Administrator)
can arrange the table in the proper order.


TABLE  I 
Access  Table 


ELM 

* 

100 


200 



DATA-NAflETYPE  OF  ACCESS 
SI  S2 

8AINID  R  R 


CHARACT  R 


53 

R»A  D 

RW  AD 


S** 

22 

R 


S5 

R 


300  HARR 


S  if  AD 


400 

ADDS 

R 

— 

R  W  AD 

— 

500 

ADDBSTA 

- 

- 

R  RW  AD 

- 

600 

BODTCHAR 

- 

— 

RWAD 

- 

700 

PEESIZ 

- 

- 

R  RWAD 

- 

300 

CATEG 

R 

R 

RWAD  R 

R 

900 

BANK 

R 

R 

RWAD.  R 

R 

1000 

PROFESS 

R 

R 

RWAD 

R 

1100 

EDUC 

R 

R 

RWAD 

R 

1200 

SDBJ 

R 

R 

RWAD 

R 

1300 

FAM 

R 

- 

RWAD 

- 

1400 

FACT 

R 

- 

RWAD 

- 

1500 

FEDOC 

- 

- 

RWAD 

- 

1600 

PAYROLL 

- 

- 

R  WAD 

- 

1700 

SEC 

RWAD 

1800  WHOINV 


R  W  AD 


1900  MEAS  R  WAD 
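
An access table of this shape can be loaded and enforced by a reference monitor that denies by default. The Python below is an added example, not part of the thesis: the sample rows are constructed, and it assumes that R, W, A and D mean read, write, append and delete, that the columns are S1 to S5 in order, that a segment's owner is the one user holding RWAD, and that every other user gets at most R.

```python
# Added example: reference-monitor check over an access table laid out like Table I.
from dataclasses import dataclass

USERS = ("S1", "S2", "S3", "S4", "S5")   # the five users (columns of the table)
RIGHTS = frozenset("RWAD")               # assumption: Read, Write, Append, Delete

# Constructed sample rows in the layout "ELM#  DATA-NAME  S1 S2 S3 S4 S5".
# They imitate Table I but are NOT a transcription of it.
SAMPLE_TABLE = """
500   ADDRSTA  -     -  R     RWAD  -
700   PERSIZ   -     -  R     RWAD  -
800   CATEG    R     R  RWAD  R     R
900   RANK     R     R  RWAD  R     R
1700  SEC      RWAD  -  -     -     -
"""


class TableError(ValueError):
    """Raised when the access table violates the assumed policy."""


@dataclass(frozen=True)
class Segment:
    name: str
    owner: str
    grants: dict  # user -> frozenset of rights


def parse_cell(cell):
    """Turn one table cell ('-', 'R', 'RWAD', ...) into a set of rights."""
    if cell == "-":
        return frozenset()
    rights = frozenset(cell)
    if not rights <= RIGHTS or len(rights) != len(cell):
        raise TableError(f"bad access cell {cell!r}")
    return rights


def parse_access_table(text):
    """Parse the table and enforce: one owner (RWAD) per segment, others at most R."""
    table = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 2 + len(USERS):
            raise TableError(f"expected {2 + len(USERS)} fields: {line!r}")
        number, name, *cells = fields
        if not number.isdigit() or int(number) % 100 != 0:
            raise TableError(f"not a segment number: {number!r}")
        if int(number) in table:
            raise TableError(f"segment {number} listed twice")
        grants = {u: parse_cell(c) for u, c in zip(USERS, cells)}
        owners = [u for u, r in grants.items() if r == RIGHTS]
        if len(owners) != 1:
            raise TableError(f"segment {number} needs exactly one owner")
        for user, rights in grants.items():
            if user != owners[0] and not rights <= {"R"}:
                raise TableError(f"{user} exceeds read-only on segment {number}")
        table[int(number)] = Segment(name, owners[0], grants)
    return table


def segment_of(element):
    """Element 803 belongs to segment 800: the last two digits number the element."""
    return (element // 100) * 100


def is_authorized(table, user, element, op):
    """Default deny: unknown segment, unknown user or unknown operation is refused."""
    segment = table.get(segment_of(element))
    if segment is None or op not in RIGHTS:
        return False
    return op in segment.grants.get(user, frozenset())


if __name__ == "__main__":
    acl = parse_access_table(SAMPLE_TABLE)
    for user, element, op in [("S3", 803, "W"), ("S1", 803, "W"), ("S4", 501, "D"),
                              ("S2", 1701, "R"), ("S3", 1301, "R")]:
        verdict = "allow" if is_authorized(acl, user, element, op) else "deny"
        print(f"{user} {op} element {element}: {verdict}")
```

Rejecting the table at load time when a segment has no owner, two owners, or a non-owner with more than R keeps a DBA's editing mistake from silently widening access.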


Security is divided into 4 levels:

1. Top secret

2. Secret

3. Confidential, and

4. Unclassified

Segment numbers 1700, 1800, and 1900 are in the classified levels and the other segments' classifications will be determined in the future, depending on the needs of the


VI. CONCLUSIONS AND RECOMMENDATIONS

It is justified here to draw some conclusions and make recommendations concerning the importance of personnel database security in the Indonesian Navy.

The  conclusions  can  be  described  as  follows: 

1.  Database  security  is  very  important  to  any  database 
system,  especially  in  the  military. 

2.  The  Multics  system  provides  basic  concepts  to  achieve 
a  sound  database  security  system. 

3.  The  Indonesian  Navy  personnel  database  security  can 
be  improved  by  applying  such  concepts  as  the  one 
described  in  this  thesis. 

In order to implement this security model in the Indonesian Navy database personnel system, it is recommended to:

1. Assign security personnel under the DBA who will be responsible for the security of the existing database.

2. Conduct further research to explore possible enhancements to the physical design related in this proposal.


APPENDIX  A 

DATABASE PERSONNEL TABLES


Each of these tables contains two elements: code and description. Example: " 1 Male " indicates code number 1 is Male.

1. PERSONAL STATUS:

A. Military

01 Volunteer
02 Obliged
03 Titular

B. Civilian

11 Daily_laborer
12 Monthly_laborer
13 Monthly_laborer organic
14 Temporary Government_official
15 Pre_Government_official
16 Civilian_Government_official
17 Civilian_Military_Titular Government_official

2. PERSONAL CATEGORY:

0 Not clear
1 Active organic
2 In charge
3 In assistance
4 In direction
5 Waiting for placement
6 Waiting for direction
7 Pre_retired
8 Money waiting (UT)
9 Retired

3. SEX:

1 Male
2 Female

4. MARITAL STATUS:

1 Married
2 Not married

5. CHILDREN ALLOWANCE STATUS:

1 Claimed by him/herself
2 Claimed by spouse

6. HOUSING STATUS:

1 Government-quarters
2 Mess
3 Ship
4 Private/owned
5 Rented
6 Contract/leased
7 With relations

7. BLOOD TYPE:

1 A
2 B
3 AB
4 O
3 X

8. COLOR OF SKIN:

1 White
2 Yellow
3 Black
4 Yellow-brown
5 Brown

9. HAIR:

1 Straight-lank
2 Curly
3 Straight-stiff
4 Wavy

10. COLOR OF EYES:

1 Black
2 Blue
3 Brown
4 Green

11. SIZE OF PANTS/SHIRT:

1 Small
2 Medium
3 Large

12. RELIGION:

1 Moslem
2 Catholic
3 Protestant
4 Hindu
5 Buddhist
6 Confucian

13. STATUS OF RANK:

1 Effective
2 Temporary
3 In education
4 Military obligated
5 Military titular

14. TYPE OF PROMOTION:

1 Regular
2 Extraordinary
3 Honor (meritorious)
4 Honour-grace (posthumous)

15. STATUS OF PLACEMENT:

0 Organic
1 Labor (non organic)
2 In charge (detached from parent command)
3 In assistance (temporary additional duty)
4 In direction (independent duty)

16. RESULT OF EDUCATION:

1 Graduated
2 Not graduated
3 Incomplete

17. FAMILY RELATION:

0 Spouse
1 Child number 1
2 Child number 2
3 Child number 3
4 Child number 4
5 Child number 5
6 Child number 6
7 Child number 7
8 Child number 8
9 Child number 9

18. RANK:

A. Military:

99 Third Sailor
98 Second Sailor
97 First Sailor
96 Second Corporal
95 First Corporal
89 Second Sergeant
87 First Sergeant
86 Head Sergeant
85 Sergeant Major
84 Second Assistant Lieutenant
83 First Assistant Lieutenant
82 Candidate Officer
78 Second Lieutenant
77 First Lieutenant
75 Captain
68 Major
67 Lieutenant colonel
66 Colonel
58 First Admiral (Commodore)/Brigadier General
57 Rear Admiral/Major General
56 Vice Admiral/Lieutenant General
55 Admiral/General

B. Civilian:

48 Group I/A
47 Group I/B
46 Group I/C
45 Group I/D
38 Group II/A
37 Group II/B
36 Group II/C
35 Group II/D
28 Group III/A
27 Group III/B
26 Group III/C
25 Group III/D
18 Group IV/A
17 Group IV/B
16 Group IV/C
15 Group IV/D
14 Group IV/E

19. CORPS:

A. Military:

100 Sailor/Deck (for officer only)
161 Deck
162 Torpedo
163 Weapon
164 Constable
165 Signal
166 Telegram
167 Under-Water Weaponry

200 Technician/Engineer (for officer only)
261 Mechanist
262 Construction
263 Ship Construction
264 Airplane Maintenance

300 Electronics (for officer only)
361 Radio
362 Radio-Radar Mechanic
363 Electro-Machine Mechanic
364 Electrician
365 Sub-Weapon Electrician
366 Electro Mechanic
367 Weapon Electro Mechanic
368 Electronics

400 Marine (for officer only)
461 Infantry
462 Amphibious
463 Field Artillery
464 Air Defence Artillery
465 Tank
466 Pansam (Amphibious Tank)
467 Transportation
468 Zipur (Defense Construction)
469 Communication-Electronics
470 Nurse
471 Field Support

500 Administration (for officer only)
561 Writer/Typist
562 Finance
563 Support
564 Family business
565 Cook-1
566 Cook
567 Tailor

600 Health (for officer only)
661 Nurse
662 Radiologist
663 Analyst
664 Dental Technician
665 Chemist
666 Assistant Chemist

700 Specialist (for officer only)
761 Judicature
762 Intelligence
763 Transportation
764 Carpenter
765 Physical Fitness
766 Musician
767 Photography
768 Cinematography
769 Miscellaneous

800 Woman (for officer only)
861 Communication
862 Writer/Typist
863 Finance
864 Information
865 Physical Fitness
866 Nurse
867 Mav-Information Defence
868 Air Traffic Controller

900 Clergy (for officer only)

B. Civilian:

000 Administration
001 General Administration
002 Finance Administration
003 Labor Administration
004 Support Administration
005 Nursing Administration
006 Technical Administration
007 Typist
008 Stencil Mechanic
009 Nursing Staff
010 Statistic Administration
011 Law Administration
012 Library Administration
013 Transportation Administration
014 Housing Administration
015 Post Administration
016 Miscellaneous Administration
017 Technician
018 Ship Technician
019 Engine/Machine Technician
020 Electro Technician
021 Construction Technician
022 Carpenter
023 Welding Technician
024 Telephone-telegraph Technician
025 Radio Technician
026 Mechanic/Driver
027 Laborer
028 Photographer
029 Pile Operator
030 Metal Technician
031 Painter
032 Weapon Technician
033 Fire Safety Inspector
034 Constructor
035 General Controller
036 Shipyard worker
037 Pump Technician
038 Railroad Technician
039 Meteorological Technician
040 Miscellaneous
041 Nurse
042 Dental Nurse
043 General Nursing
044 Midwife
045 Pharmacy
046 Physiotherapy
047 Radiology
048 Pediatric Nurse
049 General Medical
050 Ophthalmologist
051 Throat-nose-ear Physician
052 Neurologist
053 Dermatologist
054 Dietitian
055 Miscellaneous
056 Specialist
057 Teacher/Instructor
058 Messenger
059 Cook
060 Gardener
061 Shoemaker
062 Tailor
063 Barber
064 Janitor
065 Forester
066 Sketcher
067 Security
068 Lifeguard
069 Parking Master
070 Fire Brigade
071 Physical Fitness
072 Artist
073 Clergy
074 Laundry
075 Ocean Tide
076 Petro-chemical Technician
077 Geography
078 Miscellaneous

20. GROUP CODE OF EDUCATION:

000 General Development
001 National Defense
002 Joint command & Staff College
003 Command & Staff College Level
004 2nd Officer Continuing Education Level
005 1st Officer Continuing Education Level
011 NCO Continuing Education Level

100 Formation
101 Military Academy Level
102 Fundamental Officer Education Level
103 Candidate Officer Education Level
111 Candidate NCO Education Level
112 Candidate Corporal Education Level
113 Candidate Enlisted Education Level

200 Labor
201 Labor Education Level

300 General Education
301 University Level
302 Academy Level
303 Senior High School Level
304 Junior High School Level
305 Elementary School Level (graduate)
306 Elementary School Level (not graduate)

400 Specialist Military Education
401 Specialist
402 Officer Specialist
403 NCO Specialist
404 Enlisted Specialist
405 Civilian Specialist

500 General Course

21. ECHELON OF PROFESSION:

11 Echelon 1-A
12 Echelon 1-B
13 Echelon 1-C
14 Echelon 1-D
15 Echelon 1-E
16 Echelon 1-F
17 Echelon 1-G
18 Echelon 1-H
21 Echelon 2-A
22 Echelon 2-B
23 Echelon 2-C
24 Echelon 2-D
25 Echelon 2-E
26 Echelon 2-F
31 Echelon 3-A
32 Echelon 3-B
33 Echelon 3-C
34 Echelon 3-D
35 Echelon 3-E
43 Functional

22. STATION:

Not included here for security reasons.

23. VIOLATION:

1 Discipline
3 Negative data


APPENDIX B
DATABASE DICTIONARY


This data dictionary contains descriptions of the Personnel Data Base segments (data elements groups) and their data elements. There are six columns in the table:

1. Element Number (ELM #). The data element/segment number contains four digits. The first two digits are the segment number, beginning from the root and increasing by one (leading zeroes suppressed), and another two digits are for the data element number in the segment, beginning from one and increasing by one.

2. Data Element (DATA_ELEMENT). This column contains the data element/segment name as it is known to the users.

3. Data Name (DATA_NAME). This column contains the unique name for the data element/segment which is to be used by the programmer/user when retrieving data from the Database.

4. Type (TYPE). This column contains the data element's type, where N means Numeric and AN means Alpha-Numeric.

5. Number of Character (# OF CHAR). This column contains the number of characters in the record field of the data element/segment.

6. Description (DESCRIPTION). This column contains the description of the data element/segment. Described are the data element/segment relationships (dependent, root, etc.), key record/segment, administrative control, usage, and identifications. This description helps the programmer/user to find the path to the desired data elements/segments in the database.

The abbreviations used in the data dictionary table are: DB for Database, segm for segment, lev for level, tbl for table, YYMMDD for Year (two digits), Month (two digits) and Date (two digits), occur for occurrence, dependt for dependent, Kg for Kilogram, and Cm for Centimeter.

ELM # | DATA-ELEMENT | DATA-NAME | TYPE | # OF CHAR | DESCRIPTION
======================================================================
100 | Main identification | MAINID | | 76 | Root segm DB lev 1, segm 1, one occur
101 | Personal Serial Number | SERNUM | N | 9 | Record key (Main Key)
102 | Name | NAME | AN | 26 | Name, title
103 | Corps | CORPS | N | 3 | See corps tbl (19)
104 | Sex | SEX | N | 1 | See sex tbl (3)
105 | Birth date | DMBIRTH | N | 6 | YYMMDD
106 | Birth place | PMBIRTH | AN | 15 | Town (city)
107 | Religion | RELIGION | N | 1 | See religion tbl (12)
108 | Tribe | TRIBE | AN | 15 | -
200 | Personal | CHARACT | | | Dependt segm of root, lev 1, segm 2, one occur
300 | Marriage | MARR | | | Dependt segm of CHARACT, lev 3, segm 3, repeated
301 | Marital status | MARST | | 1 | See marital status tbl (4), segm key
302 | Date of status | MARDT | N | 6 | YYMMDD
400 | Address | ADDR | | 33 | Dependt segm of CHARACT, lev 3, segm 4, repeated
401 | Address | ADDRESS | AN | 26 | -
402 | Housing status | HOUSE | N | 1 | See housing status tbl (6), segm key
403 | Date of status | HOUSDT | N | 6 | YYMMDD
500 | Body characteristic | BODYCHAR | | 18 | Dependt segm of CHARACT, lev 3, segm 5, one occur
501 | Weight | WEIGHT | N | 3 | In Kg
502 | Height | HEIGHT | N | 3 | In Cm
503 | Blood type | BLOOD | N | 1 | See blood type tbl (7), segm key
504 | Color of skin | SKIN | N | 1 | See color of skin tbl (8)
505 | Hair | HAIR | N | 1 | See hair tbl (9)
506 | Color of eyes | EYES | N | 1 | See color of eyes tbl (10)
507 | Size of shoes | SHOES | N | 2 | -
508 | Size of hat | HAT | N | 2 | -
509 | Size of pants | PANTS | N | 1 | See pant shirt tbl (11)
510 | Size of shirt | SHIRT | N | 1 | See pant shirt tbl (11)
511 | Size of chest | CHEST | N | 2 | -
600 | Category and status | CATEG | | 29 | Dependt segm of CHARACT, lev 3, segm 6, one occur
601 | Original personal status | ORPERST | N | 2 | See personal status tbl (1)
602 | Date of original personal status | ORPERDT | N | 6 | YYMMDD
603 | Current personal status | CRPERST | N | 2 | See personal status tbl (1), segm key
604 | Date of current personal status | CRPERDT | N | 6 | YYMMDD
605 | Personal category | CATEGORY | N | 1 | See personal category tbl (2)
606 | Date of personal category | DTGORY | N | 6 | YYMMDD
607 | Active duty obligated time (Active service duty began) | DTACT | N | 6 | YYMMDD
701 | Rank/Group | RANKG | N | 2 | See rank tbl (18), segm key
702 | Status of rank | STRANK | N | 1 | See status of rank tbl (13)
703 | Date of rank | DTRANK | N | 6 | YYMMDD
704 | Number of decision letter | NBDECLET | AN | 8 | Format: NNNNMMYY (NNNN: Number, MM: Month, YY: Year)
705 | Date of decision letter | DTDECLET | N | 6 | YYMMDD
706 | Who gave the decision letter | GVDECLET | AN | 15 | Official functionary
707 | Type of promotion | TPPROM | N | 1 | See type of promotion tbl (14)
800 | Profession | PROFESS | | 71 | Dependt segm of root, lev 2, segm 4, repeated
801 | Name of profession | NMPROF | AN | 15 | -
802 | Number of decision | NBDECP | AN | 8 | Format: NNNNMMYY (NNNN: Number, MM: Month, YY: Year)
803 | Date of decision letter | DTPROF | N | 6 | NNNNNN-YYMMDD
804 | Number of professional warrant | NBWARP | AN | 8 | Format: NNNNMMYY (NNNN: Number, MM: Month, YY: Year)
805 | Date of warrant | DTWARP | N | 6 | NNNNNN-YYMMDD
806 | Echelon of profession | ECHELON | N | 2 | See echelon tbl (21)
807 | Station | STATION | N | 3 | See station tbl (22)
808 | Reporting date | DTSTAT | N | 6 | YYMMDD
809 | Status of placement | STPLACE | N | 1 | See status of placement tbl (15)
810 | Date of placement | DTPLACE | N | 6 | YYMMDD
900 | Education | EDUC | | 73 | Dependt segm of root, lev 2, segm 9, repeated
901 | Group code of education | EDUCCD | N | 3 | See group code of education tbl (20), segm key
902 | Education Institute's Name | EDUCNM | AN | 15 | -
903 | Start date | EDUCSD | N | 6 | YYMMDD
904 | Completion date | EDUCCN | N | 6 | YYMMDD
905 | Station | EDSTAT | N | 3 | See station tbl (22)
906 | Town (city) | EDTOWN | AN | 15 | -
907 | Result of education | RESULT | N | 1 | See result of education tbl (16)
908 | Class standing | CSTAND | N | 3 | -
909 | Class size | CSIZE | N | 3 | -
1000 | Subject | SUBJ | | 18 | Dependt segm of EDUC, lev 3, segm 10, repeated
1001 | Subject name | SUBJECT | AN | 15 | Segm key
1002 | Grade | GRADE | AN | 3 | Can be numeric or alphabetic
1100 | Family | FAM | | 76 | Dependt segm of root, lev 2, segm 6, repeated
1101 | Family name | FNAME | AN | 26 | Name, title
1102 | Family relation | FREL | N | 1 | See family relation tbl (17), segm key
1103 | Sex | FSEX | N | 1 | See sex tbl (3)
1104 | Birth date | FDBIRTH | N | 6 | YYMMDD
1104 | Birth place | FPBIRTH | AN | 15 | Town (city)
1105 | Religion | FPRELIGI | N | 1 | See religion tbl (12)
1107 | Address | FADDR | AN | 26 | -
1200 | Activity | FACT | | 48 | Dependt segm of FAM, lev 3, repeated
1201 | Name of activity | FNACT | AN | 26 | Segm key
1202 | Place of activity | FPACT | AN | 15 | Town (city)
1203 | Start date | FSACT | N | 6 | YYMMDD
1204 | Completion date | FCACT | N | 6 | YYMMDD
1300 | Family education | FEDUC | | 16 | Dependt segm of FAM, lev 3, segm 13, repeated
1301 | Education Institute's Name | FEDNACT | AN | 15 | -
1302 | Group code of education | FCDACT | N | 3 | See group code of education tbl (20), segm key
1303 | Result of education | FEDRES | N | 1 | See result of education tbl (16)
1400 | Payroll | PAYROLL | | 59 | Dependt segm of root, lev 2, segm 14, one occur
1401 | Date of beginning payroll | DBPAY | N | 6 | YYMMDD
1402 | Rank in payroll | RKPAY | N | 2 | See rank tbl (18)
1403 | Payroll period | PERPAY | N | 3 | In Month
1404 | Number of children authorized family allowance | CHFAM | N | 1 |
1405 | Status of children authorized family allowance | STCHFAM | N | 1 | See children allowance status tbl (5)
1406 | Main salary | MAINSAL | N | 6 | In Rupiah
1407 | Wife's family allowance | WFALL | N | 5 | In Rupiah
1408 | Children family allowance | CHALL | N | 5 | In Rupiah
1409 | Other family allowance | OTALL | N | 5 | In Rupiah
1410 | Obligated reduction | OBRED | N | 5 | In Rupiah
1411 | Rice reduction | RCRED | | | In Rupiah
1412 | Other reduction | OTRED | | | In Rupiah
1413 | Total salary | TOTSAL | | | In Rupiah
1414 | Unit of payroll | UNPAY | | | See station tbl (22), segm key
1500 | Security | SEC | | | Dependt segm of root, lev 2, segm 15, repeated
1501 | Violation/Infringe | VTYPE | N | 1 | See violation/infringe type tbl (23), segm key
1502 | What | WHAT | | | See what tbl (24)
1503 | Where | WHERE | AN | 15 | Town (city)
1504 | When | WHEN | | | YYMMDD
1505 | Why | WHY | | | This reason description is stored in other file with key number here (N 5)
1506 | How | | | | Same as 1505
1600 | Who involved | WHOINV | | | Dependt segm of SEC, lev 3, segm 16, repeated
1601 | Name involved | INVNAME | | | Segm key
1602 | Personal identification | PERSID | | | Personal serial number or other valid identification
 | Profession | PROFINV | AN | 15 | -
1700 | Measures | MEAS | | 27 | Dependt segm of SEC, lev 3, segm 16, repeated
1701 | Type of action | NMEAS | AN | 15 | Segm key
1702 | Start date | SMEAS | N | 6 | YYMMDD
1703 | Completion date | CMEAS | N | 6 | YYMMDD

APPENDIX  C 

NEW DATABASE DICTIONARY


This data dictionary contains descriptions of the Personnel Data Base segments (data elements groups) and their data elements. There are six columns in the table:
(See Appendix B for abbreviations)


ELM # | DATA-ELEMENT | DATA-NAME | TYPE | # OF CHAR | DESCRIPTION
======================================================================
100 | Main identification | MAINID | | 76 | Root segm DB lev 1, segm 1, one occur
101 | Personal Serial Number | SERNUM | N | 9 | Record key (Main Key)
102 | Name | NAME | AN | 26 | Name, title
103 | Corps | CORPS | N | 3 | See corps tbl (19)
104 | Sex | SEX | N | 1 | See sex tbl (3)
105 | Birth date | DMBIRTH | N | 6 | YYMMDD
106 | Birth place | PMBIRTH | AN | 15 | Town (city)
107 | Religion | RELIGION | N | 1 | See religion tbl (12)
108 | Tribe | TRIBE | AN | 15 | -
200 | Personal | CHARACT | | | Dependt segm of root, lev 1, segm 2, one occur
300 | Marriage | MARR | | 7 | Dependt segm of CHARACT, lev 3, segm 3, repeated
301 | Marital status | MARST | N | 1 | See marital status tbl (4), segm key
302 | Date of status | MARDT | N | 6 | YYMMDD
400 | Address | ADDR | | | Dependt segm of CHARACT, lev 3, segm 4, repeated
401 | Address | ADDRESS | AN | 26 |
500 | Address status | ADDRSTA | | | Dependt segm of ADDR, lev 4, segm 5, repeated
501 | Housing status | HOUSE | | | See housing status tbl (6), segm key
502 | Date of status | HOUSDT | N | | YYMMDD
600 | Body characteristic | BODYCHAR | | | Dependt segm of CHARACT, lev 3, segm 6, one occur
601 | Weight | WEIGHT | N | 3 | In Kg
602 | Height | HEIGHT | N | 3 | In Cm
603 | Blood type | BLOOD | N | 1 | See blood type tbl (7), segm key
604 | Color of skin | SKIN | N | 1 | See color of skin tbl (8)
605 | Hair | HAIR | N | 1 | See hair tbl (9)
606 | Color of eyes | EYES | N | 1 | See color of eyes tbl (10)
700 | Personal size | PERSIZ | | 8 | Dependt segm of BODYCHAR, level 4, segm 7, one occur
701 | Size of shoes | SHOES | N | 2 | -
702 | Size of hat | HAT | N | 2 | -
703 | Size of pants | PANTS | N | 1 | See pant shirt tbl (11)
704 | Size of shirt | SHIRT | N | 1 | See pant shirt tbl (11)
705 | Size of chest | CHEST | N | 2 | -
800 | Category and status | CATEG | | 29 | Dependt segm of CHARACT, lev 3, segm 8, one occur
801 | Original personal status | ORPERST | N | 2 | See personal status tbl (1)
802 | Date of original personal status | ORPERDT | N | 6 | YYMMDD
803 | Current personal status | CRPERST | N | 2 | See personal status tbl (1), segm key
804 | Date of current personal status | CRPERDT | N | 6 | YYMMDD
805 | Personal category | CATEGORY | N | 1 | See personal category tbl (2)
806 | Date of personal category | DTGORY | N | 6 | YYMMDD
807 | Active duty obligated time (Active service duty began) | DTACT | N | 6 | YYMMDD
900 | Rank | RANK | | 39 | Dependt segm of root, lev 2, segm 9, repeated
901 | Rank/Group | RANKG | N | 2 | See rank tbl (18), segm key
902 | Status of rank | STRANK | N | 1 | See status of rank tbl (13)
903 | Date of rank | DTRANK | N | 6 | YYMMDD
904 | Number of decision letter | NBDECLET | AN | 8 | Format: NNNNMMYY (NNNN: Number, MM: Month, YY: Year)
905 | Date of decision letter | DTDECLET | N | 6 | YYMMDD
906 | Who gave the decision letter | GVDECLET | AN | 15 | Official functionary
907 | Type of promotion | TPPROM | N | 1 | See type of promotion tbl (14)
1000 | Profession | PROFESS | | 71 | Dependt segm of root, lev 2, repeated
1001 | Name of profession | NMPROF | AN | 15 | -
1002 | Number of decision | NBDECP | AN | 8 | Format: NNNNMMYY (NNNN: Number, MM: Month, YY: Year)
1003 | Date of decision letter | DTPROF | N | 6 | NNNNNN-YYMMDD
1004 | Number of professional warrant | NBWARP | AN | 8 | Format: NNNNMMYY (NNNN: Number, MM: Month, YY: Year)
1005 | Date of warrant | DTWARP | N | 6 | NNNNNN-YYMMDD
1006 | Echelon of profession | ECHELON | N | 2 | See echelon tbl (21)
1007 | Station | STATION | N | 3 | See station tbl (22)
1008 | Reporting date | DTSTAT | N | 6 | YYMMDD
1009 | Status of placement | STPLACE | N | 1 | See status of placement tbl (15)
1010 | Date of placement | DTPLACE | N | 6 | YYMMDD
1102 | Education Institute's Name | EDUCNM | AN | 15 |
1103 | Start date | EDUCSD | N | 6 | YYMMDD
1104 | Completion date | EDUCCN | N | 6 | YYMMDD
1105 | Station | EDSTAT | N | 3 | See station tbl (22)
1106 | Town (city) | EDTOWN | AN | 15 | -
1107 | Result of education | RESULT | N | 1 | See result of education tbl (16)
1108 | Class standing | CSTAND | N | 3 | -
1109 | Class size | CSIZE | N | 3 | -
1200 | Subject | SUBJ | | 18 | Dependt segm of EDUC, lev 3, segm 12, repeated
1201 | Subject name | SUBJECT | AN | 15 | Segm key
1202 | Grade | GRADE | AN | 3 | Can be numeric or alphabetic
1300 | Family | FAM | | 76 | Dependt segm of root, lev 2, segm 13, repeated
1301 | Family name | FNAME | AN | 26 | Name, title
1302 | Family relation | FREL | N | 1 | See family relation tbl (17), segm key
1303 | Sex | FSEX | N | 1 | See sex tbl (3)
1304 | Birth date | FDBIRTH | N | 6 | YYMMDD
1304 | Birth place | FPBIRTH | AN | 15 | Town (city)
1305 | Religion | FPRELIGI | N | 1 | See religion tbl (12)
1307 | Address | FADDR | AN | 26 | -
1400 | Activity | FACT | | 48 | Dependt segm of FAM, lev 3, segm 14, repeated
1401 | Name of activity | FNACT | AN | 26 | Segm key
1402 | Place of activity | FPACT | AN | 15 | Town (city)
1403 | Start date | FSACT | N | 6 | YYMMDD
1404 | Completion date | FCACT | N | 6 | YYMMDD
1500 | Family education | FEDUC | | 16 | Dependt segm of FAM, lev 3, segm 15, repeated
1501 | Education Institute's Name | FEDNACT | AN | 15 | -
1502 | Group code of education | FCDACT | N | 3 | See group code of education tbl (20), segm key
1503 | Result of education | FEDRES | N | 1 | See result of education tbl (16)
1600 | Payroll | PAYROLL | | 59 | Dependt segm of root, lev 2, segm 16, one occur
1601 | Date of beginning payroll | DBPAY | N | 6 | YYMMDD
1602 | Rank in payroll | RKPAY | N | 2 | See rank tbl (18)
1603 | Payroll period | PREPAY | N | 3 | In month
1604 | Number of children authorized family allowance | CHFAM | N | 1 |
1605 | Status of children authorized family allowance | STCHFAM | N | 1 | See children allowance status tbl (5)
1606 | Main salary | MAINSAL | N | 6 | In Rupiah
1607 | Wife's family allowance | WFALL | N | 5 | In Rupiah
1608 | Children family allowance | CHALL | N | 5 | In Rupiah
1609 | Other family allowance | OTALL | N | 5 | In Rupiah
1610 | Obligated reduction | OBRED | N | 5 | In Rupiah
1611 | Rice reduction | RCRED | N | 5 | In Rupiah
1612 | Other reduction | OTRED | N | 5 | In Rupiah
1613 | Total salary | TOTSAL | N | 6 | In Rupiah
1614 | Unit of payroll | UNPAY | N | 4 | See station tbl (22), segm key
1700 | Security | SEC | | 35 | Dependt segm of root, lev 2, segm 17, repeated
1701 | Violation/Infringe | VTYPE | N | 1 | See violation/infringe type tbl (23), segm key
1702 | What | WHAT | N | 3 | See what tbl (24)
1703 | Where | WHERE | AN | 15 | Town (city)
1704 | When | WHEN | N | 6 | YYMMDD
1705 | Why | WHY | N | 5 | This reason description is stored in other file with key number here (N 5)
1706 | How | HOW | N | 5 | Same as 1505
1800 | Who involved | WHOINV | | 50 | Dependt segm of SEC, lev 3, segm 18, repeated
1801 | Name involved | INVNAME | AN | 26 | Segm key
1802 | Personal identification | PERSID | AN | 9 | Personal serial number or other valid identification
1803 | Profession | PROFINV | AN | 15 | -
1900 | Measures | MEAS | | 27 | Dependt segm of SEC, lev 3, segm 19, repeated
1901 | Type of action | NMEAS | AN | 15 | Segm key
1902 | Start date | SMEAS | N | 6 | YYMMDD
1903 | Completion date | CMEAS | N | 6 | YYMMDD